Dori Smith posted
June 6, 2001 9:50 PM   Subscribe

Dori Smith posted a pointer to a page on Winerlog where he's trying to organize a project to get people to hack Manila sites. How do people feel about this? What if your site got hacked? Should UserLand, in your opinion, support this? Is this free speech, or is it screaming fire in a crowded movie theater? What if he starts posting how-to's? Looking forward to an interesting discussion.
posted by davewiner (33 comments total)
 
this isn't free speech, this is a call for breaking and entering. I find it analogous to: you're not allowed to cry "fire" in a crowded theatre.

whether or not you feel that the information you'd acquire is useful enough to let it go on is your call.

just my opinion, and I'm a big free speech person, but you don't have to host this guy.

you can, and look particularly generous, but there are lots of free hosting sites out there. he can find another one. you're not a monopoly. his chance for self-expression won't evaporate if you pull the plug on him. you just won't be paying for it anymore.

continue, and appear to be the most open-minded guy in the world; or tell him to go elsewhere and just be like everyone else.

just a thought.

rcb
posted by rebeccablood at 10:05 PM on June 6, 2001


another thing: I'd either quit hosting him altogether or allow him to go on with this little exploit. I don't think there;s any in between.

in my opinion, telling him what he may or may not put on his page *would* be censorship (unless you have a user agreement that expressly disallows the use of any userland site for unlawful purposes, or the promotion of unlawful activities, in which case he's in violation of your contract.) telling him to take it outside seems to me to be within your rights.

rcb
posted by rebeccablood at 10:09 PM on June 6, 2001


On the bright side, you could get some free bug reports and patch up some security holes that someone else will find for you (speaking as a recent hacked victim that has been scouring security sites all day).
posted by mathowie at 10:15 PM on June 6, 2001


I wish someone would hackthispage so there'd actually be some decent content in it for once.
WARNING: Flag on the field. Self-promotion penalty. Zach is benched. Pigskin moved back ten yards.
posted by ZachsMind at 11:25 PM on June 6, 2001


Why not "hackthispage.userland.com" and let them try? Make it an ongoing thing to find Frontier or Manila bugs, give away T-shirts or CDs to people who actually hack it, distribute the fixes through the normal Frontier mechanism.

It's not right for someone to initiate a hack contest on a server that does not belong to him, but you could run with it, benefit from his point, and keep the editthispage sites more secure for the cost of some bandwidth. Might be worth it.
posted by mdeatherage at 3:18 AM on June 7, 2001


Or you could have the bad guys assassinated.
posted by ZachsMind at 4:18 AM on June 7, 2001


It occurred to me that it might make our software better, but we're already working on making our software better.

Also Rebecca's point that he can take his free speech elsewhere is an important one.
posted by davewiner at 5:17 AM on June 7, 2001


Hi Dave!
"To a thousand eyes all bugs are shallow." I like the idea of setting up a hackthispage and rewarding the successful hacks with small prizes.
Although Rebecca does make a good point about free speech, I think the reasoned approach to take is to try and exercise some control over this. That's something you can't do if you kick them out the door. Else, if you kick them out and the project continues at another host, you may suffer hacking on Frontier servers/sites and not have the benefit of knowing "how."
Either way, your servers, your bandwidth, your call, but thanks for soliciting input.
posted by nofundy at 6:02 AM on June 7, 2001


Programmers with an intimate knowledge of their products often develop blind spots to vulnerable areas, just as friends and lovers will instinctively avoid certain contentious topics of conversation. That's why OpenBSD has its code auditing procedures: tough love. The point is that you need control over the audit: saying "HAX0R THIS d000dZ!!!" isn't going to help Dave and Userland, and it's bloody selfish when the person saying it doesn't own the server.

So, Dave, if you've got the time to set up a sandbox server for HackThisPage.com, it's probably a good test of Manila's robustness. But right now, the Winerlog person/people are compromising your generosity in providing a server, and the integrity of many people's work on that server. And if that doesn't count as a TOS violation, I don't know what does.

(Were it "Hack Blogger" or "Hack MeFi", I'd say exactly the same thing.)
posted by holgate at 6:17 AM on June 7, 2001


Dave,

Suggest to the WinerLog folks that you'd like to set up a freely hackable Manila site or two, for people to flex their crackery skills upon. Just set up a server that you don't mind forfeiting to tomfoolery. It's wrong to suggest hacking innocent users' sites, but you surely have something to gain from a contest like this. So, become a participant and reap the rewards, in which the "rewards" happen to be a very "real-world" QA session, for free.

I'm not bothering to read the thread, but I'm guessing someone's already suggested this idea.

Anyway, in my opinion, it's never a bad idea for a software company to encourage its users to find bugs in its products. However, you've gotta search for the moral sweet spot in the case of webservers, and it appears that the only way of pleasing everyone is with a "crack-me" server.

You could always provide incentives, like prizes, and of course, taunts challenging their prowess and/or worth as human beings.
posted by Succa at 6:18 AM on June 7, 2001


I think WinerLog's doing Userland a backhanded favor here, assuming anyone enters the contest by the stated rules. Would you rather find out about a vulnerability as a result of a contest in which the cracker makes an insignificant addition to a site or through something a lot more malicious?

As for whether WinerLog belongs on Userland, I don't think this is any better or worse than anything that has been on the weblog for the last year. If it were my angriest critic on my server, I'd want to keep him around.
posted by rcade at 6:54 AM on June 7, 2001


I'd just like to step in here and say that this entire thread strikes me as incredibly bad form. This sounds like a private matter between a site admin and his hosted site. If it's covered in the editthispage AUP, you have a justification to throw the guy off. If not, you don't have a leg to stand on.
Posting it here strikes me as a way to get people to agree that WinerLog is evil, so it can be eliminated without an outcry.
If you want to throw the WinerLog guy off, do it already. Just don't come running to Metafilter to give you the moral backup to do it.
posted by darukaru at 7:07 AM on June 7, 2001


Winerlog has always been a place to get a different point of view on Dave Winer and Userland, the company. Not everyone agrees with Dave all the time, and Dave has shown in the past that he has been hostile towards people who have publicly disagreed with him. I think Dave puts up with Winerlog because if he were to throw the site off his servers, he'd be giving Winerlog exactly what he (Winerlog site owner) wants: more ammunition against Dave.

However, one needs to ask, "Was Winerlog created before the "site hosting agreement" was posted on EditThisPage.com and ManilsaSites.com?" If so, does it have to conform to it?

I think that Dave/Userland should take this seriously and set up their own security challenge and ask the Winerlog owner to change the rules of the contest so that you have to hack a specific server/site instead of any ETP/ManilaSites.com site.

For Dave/Userland to simply throw Winerlog off the server and ignore the security challenge is not a very pro-active thing to do, regardless of whether Winerlog broke the site hosting rules.
posted by camworld at 8:38 AM on June 7, 2001


dave, I think the idea proposed here of devoting a server to this contest is the best one. no matter how hard your team is working to make your software better, having lots of people working with you on this particular aspect in exchange for a t-shirt or mug is a deal you can't beat.

it gives you some control over the whole deal, and protects the userland folks. it makes you look smart. it puts you on the playing field.

darkaru, in defense of dave: you may not have followed the situation, but I think your criticism is unfounded. when dave considered throwing winerlog off his servers some time ago, he was persuaded by the community that it was a free-speech issue, and he allowed him to stay. now the guy has crossed another line, and dave is asking the community again for guidance.

I disagree with a lot of dave's statements and often with his actions, but it appears to me that free speech is one of his core values, and I admire him for working so hard to understand what is the right thing to do.

his belief is being tested here in a way that yours and mine probably never will be. I can tell you that if some guy were standing outside my building, incessantly saying bad things about me (*and* I had to bring him lunch every day), I'd have a restraining order brought against him as soon as I could.

rcb
posted by rebeccablood at 8:49 AM on June 7, 2001


This is not that big a deal folks, and we're not going to redirect our development efforts. Also Rebecca, the last issue with the Winerlog guy (a real person named John Grohol) last year was that he was taking copyrighted graphics from one of our users' sites, in clear violation of the usage agreement. That there was a shitstorm over this probably had more to do with the times. Eventually we're going to get out of the hosting business altogether, we're a software company. You can see the Internet changing in real time, ask anyone who's in the "business" of providing free hosting how much longer they're going to be doing it. Our plan is to provide an easy transition to people using their own machines to render their content, so performance and user control go up (you have your data on your computer) and the reliance on my small company as a service provider drops dramatically. We must do this, we don't have the money to keep adding new machines.
posted by davewiner at 9:35 AM on June 7, 2001


his belief is being tested here in a way that yours and mine probably never will be.

Oh, spare me. This isn't a Supreme Court decision. It's the operator of a community site getting ready to eject someone because it doesn't fit his definition of community. I've seen it happen dozens of times (and often for much pettier reasons), done by people who crow 'welcoming community', 'open-minded', and 'free speech' from every rooftop.

And the 'he can take his free speech elsewhere' bit is a sign that his mind is already made up. After someone says something like this, it's only a matter of time before the hammer falls.
posted by darukaru at 9:45 AM on June 7, 2001


I'm with darukaru - this thread is definitely off in some deeply grey area of "acceptability" for MeFi, both in topic and in prohibtion on linking to works of one's own - it's not completely over into the "black" of "delete this," but I'd hate for MeFi to turn into a public forum for the flogging of unpopular users by curmugdeonly sysops.

Usually around here, we'd just say, "Yo, guys, take this kind of thing to MTalk" and that would be the end of it. So, take this to WinerTalk or whatever instead of taking up bandwidth for a discussion that really only invovles two people. If all that's intended is a discussion with other people who run similar discussion sites, well, that's what email is for, so use it.
posted by m.polo at 11:16 AM on June 7, 2001


There is no "right of free speech" on a privately owned server. The only person with rights is the owner. Anyone who uses a privately owned forum does so only with the permission of the owner of that forum.

When I got my own server and put a discussion system on it, I knew this question would eventually arise. So when I wrote my own "terms of use" I discussed this issue in depth to forestall debate. (It's in the middle and there's a headline.)
posted by Steven Den Beste at 11:46 AM on June 7, 2001


I'd also like to mention that I used to be a regular reader of various pages put up by Winer, and about fifteen months ago I got fed up with the heavy-handed way that Winer suppressed any critical opinions of him in his discussion fora. This was, in fact, about the time I started visiting MetaFilter. I exercised the one and only right I had: I stopped visiting or reading anything Dave writes or hosts. I didn't and don't have any right to force Dave to put anything on his web servers that he doesn't like.
posted by Steven Den Beste at 11:51 AM on June 7, 2001


The last time WinerLog came up, I don't think anyone claimed that Dave has an obligation to host the weblog. However, I think it's one of the positive things Userland is doing.
posted by rcade at 3:11 PM on June 7, 2001


Also Rebecca, the last issue with the Winerlog guy (a real person named John Grohol) last year was that he was taking copyrighted graphics from one of our users' sites, in clear violation of the usage agreement.

Oh, come on Dave, you still completely oblivious to the fair-use and parody exceptions to the copyright laws? This was discussed ad infinitum back when you got your panties tied in a knot about it; it's amazing that you're still claiming, in any way, that the WinerLog author (not Grohol back then, as I remember) was violating some (any!) law with his images. Just because they pissed you off doesn't make them illegal.
posted by delfuego at 1:39 AM on June 8, 2001


"I like the idea of setting up a hackthispage and rewarding the successful hacks with small prizes."

Can we reward them with jail time? *smirk*

"Oh, spare me. This isn't a Supreme Court decision. It's the operator of a community site getting ready to eject someone because it doesn't fit his definition of community."

Darukaru (and others who may see Winer as the bad guy) I recall having similar arguments with Winer and others over the years. However, as much a vocal opponent I've been in the past, I'd like to point out something to those who may not know or may have forgotten. And no I ain't turning this into a kiss ass session for Winer. Lord knows I'm not someone who kisses people's asses with any habitual regularity. I call'em as I see'em, and tho I may disagree with the guy, Winer deserves more respect than people usually give him.

As one example that comes to mind, Winer was one of the instrumental participants in 24 hours of Democracy, and as such helped initiate the concept of a webring. This was back before webring.org automated it. Please someone feel free to correct me where I'm wrong, but tho he didn't invent the concept exactly, he helped make it happen. Winer has done his duty. He's helped to improve design, content, and community on the Internet more often than most of you people pick boogers out yer nose. The reason he's often having these dilemmas about community and what to do about this trespasser or that troublemaker is because he's a trailblazer. Dave Winer's efforts on the Internet put him in the firing line. People play target practice with his head, cuz he's daring enough to stick it out there while other people play it safe, and later take advantage of his findings and discoveries.

In the end you can't win the fight, Darukaru. Who owns the server? That is the bottom line. The Internet is NOT an elusive world without boundaries and barriers, no matter how much people like me or John Perry Barlow wanted to see it be that. The sherriffs of the New Wild West are sysops. Their jurisdiction is the server(s) they own. Hackers and phreakers are the outlaws. I think having a contest to see who can successfully break into Winer's servers puts him at risk and further makes him a target both for troublemakers and just general ridicule. It's like the fastest gun in the old west daring people to shoot at him. It's not smart.
posted by ZachsMind at 3:55 AM on June 8, 2001


Anybody who prefaces their post with, "Okay, I don't kiss people's asses," then goes on to credit Winer as being a "trailblazer" in the efforts of online community is either truly clueless or the best non-ass ass kisser around.

Community on the Internet started in the form of newsgroups and mailing lists long before the Web. Community online started way back in the early 1980s on BBSs around the world, on CompuServe SIGs, and other proprietary services. Even on the Web, Winer's efforts have been a lot more about his speaking to the crowd from a platform way on high rather than a true two-way, level dialog.

People play target practice with Dave's head, as you so kindly put it, because he is the living example of Gumby.
posted by yarf at 5:42 AM on June 8, 2001


BTW, I wrote and ran a BBS in the early 80s, called LBBS.

Lots of people used LBBS then, and its user interface went on to becoming a popular product called ThinkTank, when lead to MORE, which led to..

And I started on CompuServe in 1979.

And let me add this, yarf, you're an asshole!

Heh heh so there.
posted by davewiner at 9:29 AM on June 9, 2001


To delfuego, get a life. I didn't take Winerlog down after the copyright defacement fiasco. It's still there.
posted by davewiner at 9:32 AM on June 9, 2001


BTW, to yarf, check out Manila. It's still about the best thing out that at what it does.
posted by davewiner at 9:39 AM on June 9, 2001


I see Winer hasn't changed in 15 months.
posted by Steven Den Beste at 10:58 AM on June 9, 2001


Steven, what the fuck are you talking about, I haven't changed in 15 years!

I've seen you whining about me on this board, and you should get over yourself too. Try it, you'll be happier.

Here's a clue. The world doesn't revolve around you. Go take a walk, listen to the bird sings. Their song is the clue. What are they singing? "Steven Den Beste's shit stinks and we know it." Heh hehe.

Have a great day.
posted by davewiner at 4:37 PM on June 9, 2001


(dave: meds.)

dave, how do you expect people to take seriously your concerns about what limits you should impose in the sites you own and manage, when you come into this community and post stuff like this? your behavior is unconscionable and unbecoming .

rcb
posted by rebeccablood at 5:19 PM on June 9, 2001


I don't really know much about Dave. When this was first posted I thought that for a self-link it was timely due to the recent Mefi hack. It has went downhill from there as Dave responded to attacks with more attacks.

If Dave really has done so much, why must he fight here? If Dave's community is so strong, why can't he appeal to them instead of bringing his problems here?

Dave is a programmer and there are many programmers out there. The examples put forth are simply not compelling enough for me to tolerate the perpetuation of tit for tat personal attacks. Of the 7 links he has contributed to Mefi, 3 are pretty close to self-links. As a casual observer I am having trouble seeing this as not another self-link.
posted by john at 5:58 PM on June 9, 2001


Rebecca, I asked for some guidance from the people here, they've been discussing us in other contexts, saying all kinds of nasty personal (untrue) things, that's fine, now I want Stephen and others (and you) to know that I don't take your judgement seriously, and (here comes some advice) if you want to have a happy carefree sexy life, let it go -- you don't really control anything. That's what the little birds are singing. Take care.
posted by davewiner at 6:52 AM on June 10, 2001


Great Dave, you just proved my point. You were just one of hundreds, if not thousands, of programmers who wrote and ran their own BBSs in the 1980s. Nothing special.

We now have your words, immortalized for all time, about what you think about others who've done the exact same sort of things, but haven't gotten the same type of credit you have. You show yourself for the thin-skinned, publicity-seeking self-promoting marketeer that you are.

You are right -- you have no control over what others say about you, even when you try desperately to exercise some. You remove your discussion forums when you can't take the heat of open discussion. You simply flame critics, or kick them off other forums you control. Face it -- you can't take any criticism, but you sure do love dishing it out. That makes you the worst kind of hypocrite online today.
posted by yarf at 8:14 AM on June 10, 2001


...

[three days go by and Zach opens his big fat yap to curb the silence]

Yarf, you obviously don't know me very well. I was attacking Dave Winer years before it was fashionable, and everybody rallied behind him and told me to go to hell. I learned from that experience that I'm just a meek voice in the wilderness. Just a little churchmouse. Chalkboard scratching. Totally irrelevant but annoying. I have since learned through experience and wisdom, that there are much bigger fish to fry, and in comparison Dave's not that bad a guy.

I am a believer in Patrio Psychotic Anarcho Materialism. Every server is a castle. Every system administrator is a king. Don't like how Dave runs his kingdom? Fine. Don't go there. You're wasting your time lobbing cows at him with your catapult.

Point of order though, Dave. THIS is not your domain. You're in Matt's territory, and this part of his domain is like a public courtyard where mobs can choose to praise individuals or burn them at the stake. Guess which of those two happened to you here?

Way back when, when I and a small handful of others were giving you grief, you did attempt to respond rationally but that caused us to have more vinegar in our veins. It didn't help.

Solution? Don't self-link here. Even you can't get away with it. That's evident here. And when you try to defend yourself, your opposition will always turn your words against you. It's politics, clean and simple. Yeah I know. It sucks. It means sometimes when people are throwing mud at ya, all you can do is stand there and take it. Better to stay above the fray and not respond to it by calling people assholes. In fact, I'm beginning to wonder if this DaveWiner is an impostor, cuz the Dave Winer I remember used to be above that. But that was a long time ago.

And I'm sure these words too will fall on deaf ears. Just a churchmouse. Squeak squeak. =)
posted by ZachsMind at 12:57 AM on June 14, 2001


« Older Job Rejection Letters by Jack Handey:   |   FRANCISCO VARELA (1946 - 2001)* Newer »


This thread has been archived and is closed to new comments